18 repository-uri
Security mechanisms that intercept HTTP requests at the gateway to validate identity before routing to backend services.
Distinguishing note: Specifically addresses gateway-level authentication interception rather than application-level middleware.
Explore 18 awesome GitHub repositories matching security & cryptography · Reverse Proxy Authentication. Refine with filters or upvote what's useful.
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
Intercepts incoming HTTP requests at the gateway level to validate user identity before granting access to protected backend services.
Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments. The project distinguishes itself through a highly modular architecture that
Defers identity verification to a reverse proxy that injects user credentials into request headers.
Navidrome is a self-hosted music streaming server designed to organize, index, and stream personal digital music collections. It functions as a centralized audio streaming platform that manages local audio files, automatically enriching them with metadata and artwork while providing a web interface for playback. The system supports multi-user access, allowing administrators to manage separate collections and listening histories with granular permissions. The platform distinguishes itself through its compatibility with the Subsonic API, enabling users to connect a wide range of third-party mus
Delegates user identity verification to external services via security headers for single sign-on integration.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Acts as a reverse proxy that secures internal web services by enforcing authentication against external identity providers.
ttyd is a web-based terminal emulator that shares a command-line shell over a web connection. It serves as a remote console and shell gateway, allowing for remote system administration and command execution through a standard web browser. The project includes specialized capabilities for rendering graphical images via the Sixel standard and supporting bidirectional file uploads and downloads using the ZMODEM transfer protocol. It supports collaborative terminal sharing, enabling multiple concurrent users to connect to the same running process or session in real time. The system provides secu
Supports identity verification via external HTTP headers provided by reverse proxies before granting terminal access.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users or creates accounts based on identity headers passed from an external proxy.
Kanboard este un instrument de management de proiect Kanban auto-găzduit și o suită de productivitate concepută pentru urmărirea sarcinilor software și colaborarea în echipă. Oferă un sistem vizual pentru gestionarea fluxurilor de lucru prin utilizarea panourilor, coloanelor și cardurilor. Proiectul dispune de un framework de plugin-uri extensibil și un API cuprinzător pentru administrarea programatică a sarcinilor și proiectelor. Include gestionarea specializată a identității prin integrarea LDAP, permițând sincronizarea conturilor de utilizator și a permisiunilor de grup de la serverele de directoare. Sistemul acoperă o gamă largă de capabilități, inclusiv automatizarea fluxului de lucru bazată pe evenimente, analize detaliate ale proiectului, cum ar fi diagramele burn-down și măsurarea timpului de ciclu, și control granular al accesului bazat pe roluri. De asemenea, suportă urmărirea integrată a timpului, descompunerea sarcinilor secundare și autentificarea multi-metodă, inclusiv autentificarea cu doi factori și suportul pentru proxy invers. Aplicația este compatibilă cu MySQL și PostgreSQL pentru stocarea persistentă a datelor și poate fi implementată folosind Docker Compose.
Identifies users by reading trusted HTTP headers provided by a reverse proxy to start sessions.
This project is a self-hosted recipe manager designed for organizing digital libraries, planning meals, and generating shopping lists. It serves as a central hub for recipe collection management, providing tools to store, categorize, and share recipes within a collaborative kitchen workflow. The system distinguishes itself through an AI-powered importer that extracts structured ingredients and instructions from images, PDFs, and websites. It further integrates with home automation environments as a containerized add-on and supports S3-compatible object storage for managing media files. The s
Delegates authentication to a reverse proxy by trusting the remote user header.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Acts as an authentication gateway that intercepts requests to validate identity before forwarding traffic to backend services.
dockprom is a monitoring stack based on Prometheus and Grafana designed to track the performance of Docker containers and their underlying hosts. It functions as a complete solution for gathering real-time metrics and displaying them through a self-hosted dashboard. The project includes a suite of tools for collecting container and host metrics, as well as a discovery tool specifically for automatically identifying and adding tagged EC2 instances to the monitoring configuration. The system covers several observability areas, including time-series data storage and the creation of performance
Secures monitoring dashboards via a reverse-proxy gateway that handles authentication and user registration.
Sqlpad este un client SQL bazat pe web și un workbench multi-tenant utilizat pentru scrierea, executarea și salvarea interogărilor pe mai multe baze de date relaționale și analitice. Acesta funcționează ca un manager de baze de date ODBC care permite utilizatorilor să gestioneze conexiunile și să exploreze schemele printr-o interfață de browser. Platforma se distinge ca un mediu colaborativ unde utilizatorii pot partaja documente SQL și coordona analiza datelor. Integrează federarea identității prin OpenID Connect, SAML, LDAP și OAuth, și oferă un sistem de vizualizare care redă rezultatele interogărilor în grafice și tabele. Sistemul acoperă domenii largi de capabilități, inclusiv controlul accesului bazat pe roluri pentru a restricționa conexiunile la baza de date, gestionarea stării sesiunii pentru tranzacții cu mai multe instrucțiuni și substituirea credențialelor la runtime pentru o securitate sporită. De asemenea, oferă persistența interogărilor și urmărirea istoricului pentru a gestiona ciclul de viață al instrucțiunilor SQL salvate.
Automatically creates and authenticates users by mapping request headers provided by an external reverse proxy.
ui-for-docker este un dashboard web și o interfață de gestionare pentru controlul și monitorizarea containerelor Docker. Oferă o alternativă grafică la linia de comandă pentru vizualizarea stării sarcinilor de lucru containerizate și administrarea motoarelor Docker. Interfața se conectează la daemon-ul Docker prin socket-uri Unix locale sau endpoint-uri TCP la distanță. Utilizează certificate și chei TLS pentru a securiza comunicarea cu motoarele la distanță și suportă restricționarea accesului prin autentificare HTTP de bază printr-un reverse proxy. Sistemul operează ca un frontend web stateless care traduce acțiunile utilizatorului în cereri trimise direct către API-ul motorului Docker.
Supports offloading user access control and credential verification to an external reverse proxy.
Calibre-Web-Automated is a self-hosted ebook library server that watches file system folders for new ebook files, automatically converts them to a target format, enriches their metadata from online sources, and inserts them into a Calibre-managed library. It provides a web interface for browsing, reading in-browser, searching full text, and managing collections, while also supporting user authentication through multiple protocols including OAuth 2.0, OpenID Connect, LDAP, magic links, and reverse proxy headers. The server integrates directly with Kobo e-reader devices, synchronizing books, co
Trusts authentication headers set by an upstream reverse proxy to authenticate users and auto-create accounts.
This project is an agentic retrieval-augmented generation platform and orchestration framework designed to connect large language models to private enterprise data. It serves as a self-hosted AI gateway that integrates vector databases and external tools to automate complex information retrieval and generation tasks. The system differentiates itself through an AI agent workflow builder that orchestrates multiple specialized agents with distinct roles to solve multi-step problems. It includes a dedicated vector database integration interface for indexing private documents and a secure sandbox
Implements gateway-level authentication and TLS encryption by intercepting requests via a reverse proxy.
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
Integrates an identity-aware proxy that validates user sessions before routing traffic to backend container services.
Wakapi is a self-hosted activity tracker that collects coding time and language statistics using the WakaTime API protocol. It monitors time spent on projects and programming languages to analyze productivity trends and coding patterns. The project provides a productivity dashboard for analyzing development patterns through time distribution plots and activity reports. It includes a badge generator to create dynamic SVG images and status cards for profile readmes, as well as public leaderboards to rank users based on coding activity. The system manages identity through local credentials or O
Validates user identities by trusting specific request headers passed from a trusted network gateway.
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
Supports bypassing internal login checks by trusting identity headers passed from a reverse proxy.
BabyBuddy is a self-hosted infant care tracking application designed for logging feedings, diaper changes, and growth metrics to monitor child development. It functions as a private data store for sensitive health and activity records, providing a containerized environment for managing childcare data across different hardware architectures. The system integrates with home automation hubs and provides a RESTful API to enable programmatic recording and querying of care data. It supports collaborative caregiver management, allowing multiple family members or professional caregivers to share acce
Identifies and authenticates users by trusting specific HTTP headers passed from a reverse proxy.